SSL/TLS Strong Encryption: How-To # “Modern” configuration, defined by the Mozilla Foundation’s SSL Configuration # Generator as of August 2016. This tool is available at # SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some # require OpenSSL 1.1.0, which as of this writing was in pre-release. SSLCipherSuite […]

owasp stuff

Updating servers cuz of glibc vulnerability

Ghost is a vulnerability in glibc that attackers can use against only a handful of applications right now to remotely run executable code and gain control of a Linux server. The vulnerability is a heap-based buffer overflow and affects all Linux systems, according to experts, and has been present in the glibc code since 2000. […]

SSL Broken Again – Google’s POODLE Affects Oodles

Another challenge for internet security 97% of SSL web servers are likely to be vulnerable to POODLE, a vulnerability that can be exploited in version 3 of the SSL protocol. POODLE, in common with BEAST, allows a man-in-the-middle attacker to extract secrets from SSL sessions by forcing the victim’s browser into making many thousands of […]